tweak NOFORK_NOEXEC.lst

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-08-04 16:01:39 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-08-04 16:01:39 +0200
commit: 7f9d62d7f5b67b6b1cc7e0b94826ba2a6e193586 (patch)
tree: 347ff34f9b1d558859d47cd67ef22e73567a9a9e
parent: f8cdc7a2bcd0a9d067f5ca7da8ce7bc9c98cf34e (diff)
download: busybox-w32-7f9d62d7f5b67b6b1cc7e0b94826ba2a6e193586.tar.gz
busybox-w32-7f9d62d7f5b67b6b1cc7e0b94826ba2a6e193586.tar.bz2
busybox-w32-7f9d62d7f5b67b6b1cc7e0b94826ba2a6e193586.zip
1 files changed, 11 insertions, 9 deletions
diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst
index 14019bf7d..74922ff52 100644
--- a/NOFORK_NOEXEC.lst
+++ b/NOFORK_NOEXEC.lst
@@ -2,26 +2,28 @@ Why an applet can't be NOFORK or NOEXEC?
 Why can't be NOFORK:
 interactive: may wait for user input, ^C has to work
-spawner: "tool PROG ARGS" which changes program's environment - must fork
+spawner: "tool PROG ARGS" which changes program state and execs - must fork
 changes state: e.g. environment, signal handlers
 alloc+xfunc: xmalloc, then xfunc - leaks memory if xfunc dies
 open+xfunc: opens fd, then calls xfunc - fd is leaked if xfunc dies
+leaks: does not free allocated memory or opened fds
 runner: sometimes may run for long(ish) time, and/or works with network:
        ^C has to work (cat BIGFILE, chmod -R, ftpget, nc)
-"runners" can become eligible after shell is taught ^C to interrupt NOFORKs!
+"runners" can become eligible after shell is taught ^C to interrupt NOFORKs,
+need to be inspected that they do not fall into alloc+xfunc, open+xfunc
+categories.
 Why can't be NOEXEC:
 suid: runs under different uid - must fork+exec
 Why shouldn't be NOFORK/NOEXEC:
-complex: no immediately obvious reason why NOFORK wouldn't work,
+rare: not started often enough to bother optimizing (example: poweroff)
-        but does some non-obvoius operations (example: fuser, lsof, losetup);
+daemon: runs indefinitely; these are also always fit "rare" category
-        nested xmallocs (typical in complex code) is a problem for NOFORK
-rare: not used often enough to bother optimizing (example: poweroff)
 longterm: often runs for a long time (many seconds), execing would make
        memory footprint smaller
-daemon: runs indefinitely
+complex: no immediately obvious reason why NOFORK wouldn't work,
+        but does some non-obvoius operations (example: fuser, lsof, losetup)
 [ - NOFORK
 [[ - NOFORK
@@ -59,7 +61,7 @@ chpasswd - runner (list of "user:password"s from stdin)
 chpst - spawner
 chroot - spawner
 chrt - spawner
-chvt
+chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
 cksum - noexec. runner
 clear - NOFORK
 cmp - runner
@@ -69,7 +71,7 @@ cp - noexec. runner
 cpio - runner
 crond - daemon
 crontab
-cryptpw
+cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec.
 cttyhack - spawner
 cut - noexec. runner
 date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-08-04 16:01:39 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-08-04 16:01:39 +0200
commit	7f9d62d7f5b67b6b1cc7e0b94826ba2a6e193586 (patch)
tree	347ff34f9b1d558859d47cd67ef22e73567a9a9e
parent	f8cdc7a2bcd0a9d067f5ca7da8ce7bc9c98cf34e (diff)
download	busybox-w32-7f9d62d7f5b67b6b1cc7e0b94826ba2a6e193586.tar.gz busybox-w32-7f9d62d7f5b67b6b1cc7e0b94826ba2a6e193586.tar.bz2 busybox-w32-7f9d62d7f5b67b6b1cc7e0b94826ba2a6e193586.zip

diff --git a/NOFORK_NOEXEC.lst b/NOFORK_NOEXEC.lst index 14019bf7d..74922ff52 100644 --- a/NOFORK_NOEXEC.lst +++ b/NOFORK_NOEXEC.lst
@@ -2,26 +2,28 @@ Why an applet can't be NOFORK or NOEXEC?
2		2
3	Why can't be NOFORK:	3	Why can't be NOFORK:
4	interactive: may wait for user input, ^C has to work	4	interactive: may wait for user input, ^C has to work
5	spawner: "tool PROG ARGS" which changes program's environment - must fork	5	spawner: "tool PROG ARGS" which changes program state and execs - must fork
6	changes state: e.g. environment, signal handlers	6	changes state: e.g. environment, signal handlers
7	alloc+xfunc: xmalloc, then xfunc - leaks memory if xfunc dies	7	alloc+xfunc: xmalloc, then xfunc - leaks memory if xfunc dies
8	open+xfunc: opens fd, then calls xfunc - fd is leaked if xfunc dies	8	open+xfunc: opens fd, then calls xfunc - fd is leaked if xfunc dies
		9	leaks: does not free allocated memory or opened fds
9	runner: sometimes may run for long(ish) time, and/or works with network:	10	runner: sometimes may run for long(ish) time, and/or works with network:
10	^C has to work (cat BIGFILE, chmod -R, ftpget, nc)	11	^C has to work (cat BIGFILE, chmod -R, ftpget, nc)
11		12
12	"runners" can become eligible after shell is taught ^C to interrupt NOFORKs!	13	"runners" can become eligible after shell is taught ^C to interrupt NOFORKs,
		14	need to be inspected that they do not fall into alloc+xfunc, open+xfunc
		15	categories.
13		16
14	Why can't be NOEXEC:	17	Why can't be NOEXEC:
15	suid: runs under different uid - must fork+exec	18	suid: runs under different uid - must fork+exec
16		19
17	Why shouldn't be NOFORK/NOEXEC:	20	Why shouldn't be NOFORK/NOEXEC:
18	complex: no immediately obvious reason why NOFORK wouldn't work,	21	rare: not started often enough to bother optimizing (example: poweroff)
19	but does some non-obvoius operations (example: fuser, lsof, losetup);	22	daemon: runs indefinitely; these are also always fit "rare" category
20	nested xmallocs (typical in complex code) is a problem for NOFORK
21	rare: not used often enough to bother optimizing (example: poweroff)
22	longterm: often runs for a long time (many seconds), execing would make	23	longterm: often runs for a long time (many seconds), execing would make
23	memory footprint smaller	24	memory footprint smaller
24	daemon: runs indefinitely	25	complex: no immediately obvious reason why NOFORK wouldn't work,
		26	but does some non-obvoius operations (example: fuser, lsof, losetup)
25		27
26	[ - NOFORK	28	[ - NOFORK
27	[[ - NOFORK	29	[[ - NOFORK
@@ -59,7 +61,7 @@ chpasswd - runner (list of "user:password"s from stdin)
59	chpst - spawner	61	chpst - spawner
60	chroot - spawner	62	chroot - spawner
61	chrt - spawner	63	chrt - spawner
62	chvt	64	chvt - leaks: get_console_fd_or_die() may open a new fd, or return one of stdio fds. Also, "rare" category. Can be noexec.
63	cksum - noexec. runner	65	cksum - noexec. runner
64	clear - NOFORK	66	clear - NOFORK
65	cmp - runner	67	cmp - runner
@@ -69,7 +71,7 @@ cp - noexec. runner
69	cpio - runner	71	cpio - runner
70	crond - daemon	72	crond - daemon
71	crontab	73	crontab
72	cryptpw	74	cryptpw - changes state: with --password-fd=N, moves N to stdin. Also, "rare" category. Can be noexec.
73	cttyhack - spawner	75	cttyhack - spawner
74	cut - noexec. runner	76	cut - noexec. runner
75	date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)	77	date - noexec. nofork candidate(needs to stop messing up env, free xasprintf result, not use xfuncs after xasprintf)